我正在学习Django 1.3 Web开发,但在登录时遇到了以下错误。
这本书指出,它应该包含django.contrib.auth.views.login,而我正在将其包含在内。
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
这是我的settings.py包含的应用程序列表。它完全按照书上所说的方式。
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
'djangocricket.Cricket',
'djangocricket.cms'
)
这本书指出,它应该包含django.contrib.auth.views.login,而我正在将其包含在内。
urlpatterns = patterns('',
# Examples:
url(r'^$', 'djangocricket.Cricket.views.index', name='default'),
url(r'^user/(\w+)/$', 'djangocricket.Cricket.views.user_home', name='user home'),
url(r'^login/$', 'django.contrib.auth.views.login'),
# url(r'^djangocricket/', include('djangocricket.foo.urls')),
# Uncomment the admin/doc line below to enable admin documentation:
#url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
# Uncomment the next line to enable the admin:
url(r'^news/', 'djangocricket.cms.views.index', name='index'),
#url(r'^news/(?P<slug>[^\.]+).html', 'djangocricket.cms.views.detail', name='get_single_news_item'),
url(r'^admin/', include(admin.site.urls)),
)
我的注册/登录页面是从书上复制粘贴来的。它应该可以使用。
<html>
<head>
<title>Django Bookmarks - User Login</title>
</head>
<h1>User Login</h1>
{% if form.errors %}
<p>Your username and password didn't match.
Please try again.</p>
{% endif %}
<form method="post" action=".">
<p><label for="id_username">Username:</label>
{{ form.username }}</p>
<p><label for="id_password">Password:</label>
{{ form.password }}</p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
</body>
</html>
我错过了什么?
CSRF 验证
(出于某些原因),这篇 Stack Overflow 帖子 可能会有帮助。 - JPG